My Java application uses Kerberos to authenticate to a Windows Active Directory KDC, and it is using RC4-HMAC for default_tkt_enctypes, default_tgs_enctypes, and permitted_enctypes in the krb5 configuration file.
After replacing RC4-HMAC with aes128-cts-hmac-sha1-96, the application gives the following KrbException with status code 14.
message: KDC has no support for encryption type javax.security.auth.login.FailedLoginException: Login error:
My question is whether Kerberos is vulnerable to the RC4 Bar Mitzvah attack. If yes, how do I resolve this, given the above exception?